Overview

overview

10

Static

static

3

2025-03-07...it.exe

windows7-x64

10

2025-03-07...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2025, 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-07_1a959249d78a3a300b5719584df79322_icedid_ramnit.exe

  • Size

    384KB

  • MD5

    1a959249d78a3a300b5719584df79322

  • SHA1

    fa4f7c973db2f806da22ddaf06787dd627d0c9c3

  • SHA256

    7287aa6994434e9f259a0042ee5b3ebb1b3a31976edf0a4730749c850d533d6f

  • SHA512

    a168dcc5f9dfe68cc250c2dbefee19bd549c4b178a9062f15e657903160b1402dd434ba40805bb8832405fc78da9740b70b856feef89647ce5fcfee54c62daf9

  • SSDEEP

    6144:sJ3MtP2xXEeeWFEuC3h93Fx8u2qEuIE2T9jifJqCtc9jeGbfUTpYDDmu/+3fbK:sTxaUCh93FxmuIE2YtG+pG/YK

Score
10/10
emotetramnitepoch2bankerdiscoveryspywarestealertrojanupxworm

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

64.88.202.250:80

212.51.142.238:8080

200.55.243.138:8080

104.236.246.93:8080

61.19.246.238:443

79.45.112.220:80

95.213.236.64:8080

169.239.182.217:8080

103.86.49.11:8080

87.106.139.101:8080

74.208.45.104:8080

113.160.130.116:8443

209.141.54.221:8080

203.153.216.189:7080

73.11.153.178:8080

186.208.123.210:443

37.187.72.193:8080

201.173.217.124:443

121.124.124.40:7080

24.1.189.87:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-07_1a959249d78a3a300b5719584df79322_icedid_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-07_1a959249d78a3a300b5719584df79322_icedid_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\2025-03-07_1a959249d78a3a300b5719584df79322_icedid_ramnitmgr.exe
      C:\Users\Admin\AppData\Local\Temp\2025-03-07_1a959249d78a3a300b5719584df79322_icedid_ramnitmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2420
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2692
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2284
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1e155fcccd54b61c8c2cd1228c1fb38

    SHA1

    3f4a4dd465463469587e5b8e68f63e46d3121bfc

    SHA256

    58ea66ef34c888eaa3e978e768cb98096e4eee11227b7dfde6694ab48a6faeeb

    SHA512

    5b8ddd657bad50ba281174f5a78b4f3a43f013b4da88ad455d5b295b7772730f1a493b9036a3c13d184362e03ad7ccb911ffebf35da5ed89c78d074670bc4f5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cccbbbe497d7686e588165147a3ef5e0

    SHA1

    ed1c7c201e054f8519d37696238c4b767d6a9e09

    SHA256

    af348288f47d79e42c84b628d08e7a488bdc253bfb15e6642db1f5e2d61d7997

    SHA512

    f238d902f24719e616239ea74ca3bb7fb8cda6aca8eb636ea8750c7635ee755e17a5fee6cf00e69a652ebd74ece4679b15b54997a05d4a41cde72a260b851e78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    238e565e63bead6cff0bbef7e001540a

    SHA1

    c50a89be8673c8049ae970e121201263b18a7763

    SHA256

    1b4889d04efc6a617414fc4191a7d147f4c742121572c10cca2c1eb2f281508d

    SHA512

    8d4518568acae32914d39b663633d1c6fd2b8a8883d945cb85b8508972b24c18165a66f91905f128c17e86f56d732bbc41a7c09b70bfd501eb78d0d28e69ec3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c813be66c41e7c7dc7887c4c6f43886

    SHA1

    139b9c5f842e72bfcf20cae6c93f3c2bc76e511a

    SHA256

    5657c0a3ad4b73677ea5f9ee7138e06876ff48fa77c8b272a0d1a8042133e3a5

    SHA512

    e453974d26c77e1e447943414c018c61ab8f67ddbbc05b4237d2cf0a02a068835ab7b2c93995bf6146f24e470018a5c686a9f4a17a9a08e98e63aedef687d621

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68a4b12e5f03125adb9d254083ea9002

    SHA1

    fecf8724fbe656c324316a6726be7ae4954fa2dc

    SHA256

    2c97c197dc31a344b1ca43b823c22cdf0efb2b7b67b29e631b14f75e7a22c87b

    SHA512

    16a343ddbe42c7b86e3d2f17b6b5417fa8c3b3b3ac27233c1090040228347dde4cac80727230c7f293037c9bd7e169bad4330ae64cfb53362f8205cc398b6561

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    628acb097afadd15c22b6feb2d0d17d5

    SHA1

    de18845c0f7b8776131be9f129eda232730b7449

    SHA256

    c4a54c111dcddb2eb1de358f396deab0684def839132e4640705ace114277c1f

    SHA512

    2868080d757e699036d61a3e2ed8207a14b8a129dd8206996b9316e4694abebfb84b3bb1f0ef1192b495b2b1363c611d101f0eb9e8c6203afd6a63d099e24c3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f06afa9bc73576b5587e6639be384fb

    SHA1

    e23e90bf86282d8704ecfd752f03914dd90b73cc

    SHA256

    2f409b623af04c7da6fc62b6629acf3fb9e2cc4fb49aceaeb8b77eccda73dcdf

    SHA512

    c44f5a01d71b459f0ef590ef7030644d23db16dcfe2be6b35bbd87bf32bdf5b6086474662ba400dae24c1457efd93b1ba00858b559edbe6632c2e14bdf86e2a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d531a0e315172a0bf354abe7f64e5dab

    SHA1

    731a4a8989da28fead248cc566d38add3b3647ac

    SHA256

    1f07a36a5c637015f83fdb6bd9210c800e7760b232dc8e4de98ab07ebf9f30cd

    SHA512

    012483b074d006cfae5158a261a4db45473a97787489c238339aa4cee9ba5dad7b508116428791d42e346473412c33aa13df548ecdcab181c8e6bc4a8ceac7e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f497f9f5142b239dd8ab8d11207d84e

    SHA1

    d0312331fd8d8e09d75d18904861f26cc8ca2c07

    SHA256

    12f0428a842f65e1ba420f5e4d3954ec673b6ed845b7cf0d15fc3dcb8d7e1597

    SHA512

    21aa3d6304602eb92f91ac2767f453d5d0284ccc599e678aa1b1970b9556eb3ccfec66e8f20c2aa65f4f2fdcafd59c17eca3ef3b66a8adf71756a13f28db55db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97b842827d99b574c44dffe0075bdeac

    SHA1

    c79fe862ba87030e2ddc416929ec8b4802e7dc9c

    SHA256

    d7d39d2faeadad51bbca2f6411f5db1f1623c20ccd16d8e8e87453a0a846c64a

    SHA512

    57176f08e5bf77ef1f5008853cdafbd1ddd4d1ec37a5c0169ba94c901b513e9b63aa8b5e5def653314c83b524726c1dbe06ccc4e864692929fc33b39bc0f019e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae0384b2ec266610e85b4c7f03a128ac

    SHA1

    0e6a0806246edcb34bd36422f1c7de7bb7541af4

    SHA256

    c317319fd551da8ea75e5b09d2440c4f7d8e9248718c55f119a3ed560f8f739f

    SHA512

    ff30f9c3f7c59b03b14bc01ca7c95628e9e72bde4595ca85ef23f651975e9892c43c85518fd05d9d41473ce98fad330760c6d5a606a894fe5bf966f0283e32c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e18454f8b81d83d1dbf3f2327147133

    SHA1

    35b2e905d784cf8afee92aa434b2adf951933b46

    SHA256

    3c7c0ea2bca14a65719b02b76fdac79cef75aab6cec1b8c2e7c0820417b2e833

    SHA512

    c7cd25e63bcabb7268da39f7320408366d5a85bd3ca5e98aab643bcbce476267af72421c10e788bcd4f15ba73c45c484628adb8a2ee7c32800335a179a1d9dd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b2412afb55cf6befba116e70c07c463

    SHA1

    79a0d24d122a110065f2a38a47b4cdbf070a9332

    SHA256

    5aa9935da907fe6c65a704dbd50363d42b0f0826eb10e7dbaa621a6b60008aad

    SHA512

    a0a1a80458727a72ed7fbf6055e20bf54bd9c171578114c7256dc019da7e05f5b3d6ca56424c777c41bf4096c842ef4ca4e992543adba884e0f440d2966b8123

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7ac7bd6aad26f11a670d29c6daeccc2

    SHA1

    f7c6e6bcc64f0983130442b256e13813f3cb3231

    SHA256

    1829695f1bdf6fc8adee97a28d7ca5f60b3e2f46e93630d9e236ba99136c2c95

    SHA512

    7f911ab598e517094cb15e964a90212c49826290088317154028abcc0cb1436650a8a60439532ae32a0e3da79f8fb78fa00a0326babe738dcd5ceec5e0d0357f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d5bc527daef1b9e1714a333e4a2f9373

    SHA1

    97c2bea54cbd34ce213610b129f93f688cfb90e1

    SHA256

    c2f39c00f144f85a7bade1c54ee125660c1c12a6ab75b9baa906136e646b4f6d

    SHA512

    96b7da1e3b1b5f8d489c1b6ab6a98a2179d1eeba6a641eb9dcb2ff4d10c3564c58c274907d511b22e19365bb43a1be4a0d1911743a91e17850f87867091fc87f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    949f72eae35e29d5885213da60bb71ba

    SHA1

    9abbae0b6361a028b4ec2101ab45afe2c1d246ce

    SHA256

    c44df99900ff4cf0af811935fac19f754faf31f15122cbc84e17b17ce5fb8ec6

    SHA512

    c92f0a8b4c294cde218daa2e85470b011f44d77018e06eae1076ee33e58484565c5c04fa23c305599803cc950d915fada2dcd22eeaa1a39a327c20e713e59f52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80a3db011c0f551989b2a2e5a965f2b9

    SHA1

    5a62b4cf190795a7dfb408494652db0733f6da9a

    SHA256

    205ed661aab8fd2aaef82af84d2b0eb5b4c4c26262ef805bcf5a3875eb258a0a

    SHA512

    50ffb41071dd62673f4a3b979b6dc83348185694039a31e210b51fd2d2bd7eab82aa5913e39cd15443687a300e3b596dbebabb9a5d21f6263cb14716c96f2983

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94fd220723b24e30d15a7e20a0a4bea4

    SHA1

    38e2c31f504c11330a3568e18c87c5ddcb171686

    SHA256

    33805bb0ad904556729f87500eb9cda523c34ffecfefa609d163f1634abd5fc0

    SHA512

    1397cc18c4e81ce17d5aa8ab9c4c7f4779c23c49e5a1aa08e185a592d2c5c054367bedf454e9d46b085ecfa31d07d793b32f4086c49f87ec90c529b6d83bb70b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8dd9ee51aa5022a57d463a03db842ff

    SHA1

    33694185fa46354451a58364799178ca2fd93032

    SHA256

    aaea2679e6b1a7c9af500a524fe08eb09129aade88e33b4a55410ee0937517e5

    SHA512

    16c1580ef50b052057c17b705dc726971f12c436e9daeb8eaecdb6b845bdc66afd28ee31d6dc977ad3a738de14bf7fc22eb6a3fabe91a5b88711f2f818a7c714

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F4985C01-FB06-11EF-9FB8-523A95B0E536}.dat
    Filesize

    5KB

    MD5

    926ad907f0c8343d4c5e9f25082939ea

    SHA1

    20d2502d62619eedf6231469f55ca796cb4cab8a

    SHA256

    f2113773190e075da050c0fcdce64da1216376bcc148042e91eadec4e1695ec2

    SHA512

    53f02778fd8450bcbc85f497648e50882714198e8cc1a1d192b897ad9ff0522732a0db566259bbd6eb810694d07142ed651e4f1fff44ddf52e5a0e98123f4c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2025-03-07_1a959249d78a3a300b5719584df79322_icedid_ramnitmgr.exe
    Filesize

    105KB

    MD5

    d5ca6e1f080abc64bbb11e098acbeabb

    SHA1

    1849634bf5a65e1baddddd4452c99dfa003e2647

    SHA256

    30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

    SHA512

    aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF6E0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF7D1.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2324-27-0x0000000000280000-0x00000000002DD000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2324-23-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2324-16-0x0000000000260000-0x000000000026E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2324-20-0x00000000003E0000-0x00000000003EC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2324-0-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2324-10-0x0000000000280000-0x00000000002DD000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2324-9-0x0000000000280000-0x00000000002DD000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2992-26-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2992-12-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2992-15-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2992-11-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2992-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2992-13-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download